Endpoint

Sophos Endpoint Security and Control 10.3 Recommended release notes

January 2016

About these release notes

These are the release notes for Sophos Endpoint Security and Control 10.3 for Windows Recommended versions, managed by Sophos Enterprise Console or standalone.

Some of the features mentioned in these release notes are only available on managed computers or if you have the appropriate license.

Note: You may find that you cannot yet download and use the latest version on the list below. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

Version 10.3.15, January 2016

Components

Sophos Anti-Virus (SAV) 10.3.15
Threat detection engine 3.63.0
Sophos Client Firewall (SCF) 3.0.4 (Windows 8 and later)

2.9.5 (Windows 7 and earlier)

Sophos AutoUpdate (SAU) 4.3.10
Sophos Patch Agent 1.0.308.0
Sophos Web Control 10.3.10
Sophos Remote Management System 4.0.2

Updated components

The threat detection engine has been updated from 3.60.0 to 3.63.0. For information about the changes to the threat detection engine, see the Sophos Threat Detection Engine release notes.

Version 10.3.15, July 2015

Components

Sophos Anti-Virus (SAV) 10.3.15
Threat detection engine 3.60.0
Sophos Client Firewall (SCF) 3.0.4 (Windows 8 and later)

2.9.5 (Windows 7 and earlier)

Sophos AutoUpdate (SAU) 4.3.10
Sophos Patch Agent 1.0.308.0
Sophos Web Control 10.3.10
Sophos Remote Management System 4.0.2

New features

  • Initial support for Windows 10

    With Sophos Endpoint Security and Control 10.3.15, you can protect a Windows 10 computer directly or upgrade your computer to Windows 10 following one of Microsoft’s supported upgrade paths from Windows 7 or 8.1.

    If you are upgrading from an earlier Windows version and are using Endpoint Security and Control 10.3.15 or above, the endpoint protection will migrate along with the operating system and your protection will continue automatically. You may need to take some actions to finalize the update following migration in order to ensure you have full protection. For example, you may need to perform one additional reboot, or to use the “reprotect” option in Sophos Enterprise Console (SEC) to correct minor inconsistencies in the registry. Please read our extensive upgrade notes in knowledgebase article 122504 for advice on what to expect in your environment, and see also Known issues and limitations. When installed directly on Windows 10, Sophos Endpoint Security and Control gives the same threat protection and threat protection options that you are used to on Windows 7, 8 and 8.1.

Updated components

  • Sophos Anti-Virus has been updated from 10.3.13 to 10.3.15.
  • Sophos AutoUpdate has been updated from 4.1.0.273 to 4.3.10.
  • Sophos Client Firewall has been updated from 3.0.3 to 3.0.4 and from 2.9.4 to 2.9.5.
  • The threat detection engine has been updated from 3.58.3 to 3.60.0. For information about the changes to the threat detection engine, see the Sophos Threat Detection Engine release notes.

Version 10.3.13, April 2015

Components

Sophos Anti-Virus (SAV) 10.3.13
Threat detection engine 3.58.3
Sophos Client Firewall (SCF) 3.0.3 (Windows 8)

2.9.4 (Windows 7 and earlier)

Sophos AutoUpdate (SAU) 4.1.0.273
Sophos Patch Agent 1.0.308.0
Sophos Web Control 10.3.10
Sophos Remote Management System 4.0.2

Updated components

  • Sophos Anti-Virus has been updated from 10.3.12 to 10.3.13.
  • The threat detection engine has been updated from 3.55.0 to 3.58.3. For information about the changes to the threat detection engine, see the threat detection engine release notes.
  • Sophos AutoUpdate has been updated from 4.1.0.65 to 4.1.0.273.
  • Sophos Patch Agent has been updated from 1.0.307.0 to 1.0.308.0.
  • Sophos Remote Management System has been updated from 3.4.1 to 4.0.2.

New features

Component Description
Sophos Device Control Kingston DataTraveler Locker+ G3 16GB USB flash drive has been added to the list of secure removable storage devices. (WINEP-606)

Resolved issues

Component Issue ID Description
Sophos Anti-Virus WINEP-13 2 GB memory allowance for a 32-bit application exhausted when decomposing a folder.
Sophos AutoUpdate WINEP-14 Update to Sophos Anti-Virus 10.3.7 causes the AutoUpdate's component ALUpdate.exe to delete 10 GB worth of files on the system.
Sophos Anti-Virus WINEP-16 iSCSI mount points cannot be excluded from on-access scanning.
Sophos Anti-Virus WINEP-17 GPO makes it impossible to use right-click scanning or open Quarantine Manager when you click on a detection notification.
Sophos Anti-Virus WINEP-18 A major Sophos Anti-Virus upgrade or downgrade causes PureMessage to fail to open for 4 minutes.
Sophos Anti-Virus

WINEP-24,
WINEP-42,
WINEP-44,
WINEP-45,
WINEP-51,
WINEP-266

Various media streaming websites are not working when Download scanning under Web Protection is enabled.
Sophos Device Control WINEP-47 Kanguru Defender 2000 4GB is not detected as a secure device.
Sophos Anti-Virus   Sophos Web Intelligence uses an increasing number of handles.
Sophos Device Control WINEP-81 SafeToGo STG2-M device added to the list of secure removable storage devices in Sophos Anti-Virus 10.3.11 is not classed as a secure device for non-administrator accounts.
Sophos Anti-Virus WINEP-128 Web Protection functionality conflicts with the LanSchool software.
Sophos Remote Management System WINEP-176 Endpoint routers sometimes fail to re-establish connections after rejection.
Sophos Patch Agent WINEP-327 Sophos Patch Agent needs to be updated to handle latest non-Microsoft patches from Lumension.
Sophos Anti-Virus WINEP-340 Web Protection functionality conflicts with the Hummingbird SOCKS application.
Sophos Anti-Virus   On a Windows 8 or later endpoint with Full Web Control enabled and managed by a UTM appliance, internal SSL sites are failing when accessed by IP.
Sophos Anti-Virus WINEP-342 Sophos Web Intelligence service (swi_service.exe) disappears after the upgrade to Sophos Anti-Virus 10.3.11.
Sophos Anti-Virus WINEP-381 Preserve the ODScanUpdateMetadata registry key during major upgrades of Sophos Anti-Virus.
Sophos AutoUpdate WINEP-649 BASIC proxy authentication fails with Sophos AutoUpdate 4.1.0.65 (Sophos Anti-Virus 10.3.12).

Version 10.3.12, January 2015

Components

Sophos Anti-Virus (SAV) 10.3.12
Threat detection engine 3.55
Sophos Client Firewall (SCF) 3.0.3 (Windows 8)

2.9.4 (Windows 7 and earlier)

Sophos AutoUpdate (SAU) 4.1.0
Sophos Patch Agent 1.0.307.0

From this release, Endpoint Security and Control no longer includes Sophos NAC. See knowledgebase article 120007.

Updated components

  • Sophos Anti-Virus updated from 10.3.11.2 to 10.3.12.
  • Threat detection engine updated from 3.53 to 3.55.
  • Sophos AutoUpdate updated from 3.1.4 to 4.1.0.

Resolved issues

Component Issue ID Description
Sophos Anti-Virus, Sophos Web Control   Web browsing speed improvements when using Sophos Web Control or Web Protection.
Sophos Anti-Virus WKI97820 Resolved compatibility issues between Microsoft Enhanced Mitigation Experience Toolkit (EMET) "Caller Check" and Sophos hooks.

Version 10.3.11, October 2014

Components

Sophos Anti-Virus (SAV) 10.3.11.2
Threat detection engine 3.53
Sophos Client Firewall (SCF) 3.0.3 (Windows 8)

2.9.4 (Windows 7 and earlier)

Sophos AutoUpdate (SAU) 3.1.4
Sophos Patch Agent 1.0.307.0

New features

Component Description
Sophos Anti-Virus The on-access file system filter driver for Windows 8, Windows 8.1, Windows 2012 and Windows 2012 R2 has been updated to improve system performance.
Sophos Anti-Virus The threat detection engine has been updated.
Sophos Device Control The following devices have been added to the list of secure removable storage devices:
  • CTWO SafeXs 3.0 secure USB flash drive
  • SafeToGo hardware-encrypted USB flash drive
  • Imation IronKey Basic D250 USB flash drive
  • Kingston's DataTraveler Vault Privacy 3.0 USB flash drive
  • DataLocker Sentry FIPS 140-2 Drive
Sophos Device Control Intel Centrino Wireless Bluetooth Adapter has been added to the list of bluetooth interfaces.
Competitor Removal Tool The following products have been added to the Sophos Competitor Removal Tool integrated with Sophos Endpoint Security and Control (iCRT):
  • Symantec Endpoint Protection v12.1.4013.4013
  • Norman Endpoint Protection 9

Resolved issues

Component Issue ID Description
Sophos Anti-Virus, Sophos AutoUpdate KB121385 Fixed an installation and upgrade issue that occurred on Windows Server 2003 following the release of Microsoft Security Update KB2918614.
Sophos Anti-Virus DEF97549 Unquoted paths in the Sophos Anti-Virus 10.3.7 installer cause the installation, upgrade or uninstallation of Sophos Anti-Virus to fail on 64-bit versions of Windows. This happens if a file with a file name beginning with "program" is present in the root of the system drive.
Sophos Anti-Virus DEF97183 Sophos Anti-Virus 10.3.7 does not install on a Server Core installation of Windows Server 2012.
Sophos Anti-Virus DEF88319 Email alerting settings for right-click scanning do not change when the global email alerting settings are changed.
Sophos AutoUpdate WKI97704 The updating status "Unknown" is displayed in the Up to date column in Sophos Enterprise Console after a major Sophos AutoUpdate upgrade on an endpoint and until the next endpoint update. This happens because not all of the old threat identity (IDE) files are being deleted on upgrade; they are then deleted during the next update.
Sophos AutoUpdate DEF97693 The Sophos Agent service (ManagementAgentNT.exe) crashes when the size of the Sophos AutoUpdate policy file is 0 bytes.
Sophos AutoUpdate WKI97618 In Endpoint Security and Control 10.3.7, Sophos AutoUpdate doesn't work if Citrix Single Sign-On Plug-in is installed on the same machine.
Sophos AutoUpdate WKI97582 In Endpoint Security and Control 10.3.7, Sophos AutoUpdate 3.1 doesn't work if a Hummingbird client is installed on the same machine.
Sophos AutoUpdate DEF97279 Basic authentication for proxies fails with Sophos Anti-Virus 10.3.7.
Sophos AutoUpdate DEF97247 Updating fails with manifest errors when a standalone Sophos Anti-Virus package is installed to a non-default location and then updated from a Central Installation Directory (CID).
Sophos AutoUpdate DEF95816 When Sophos AutoUpdate 2.x is upgraded to version 3.1 on an endpoint that updates from a CID, the following error message appears:

Sophos AutoUpdate - Error 25010. An error occurred while running the custom action 'UpdateProductInfo'. Reason: Unable to read ProductID.dat or Migration.dat. Contact your support personnel.

Data Control DEF92713 Data Control causes a Windows 8 tablet to start slowly.
Sophos Web Control DEF96534 Adding a period to the end of a URL blocked by domain name allows to access the URL.
Sophos Web Control DEF95866 A "this page has been blocked" pop-up message is displayed for an allowed page that has links to a website blocked by category (for example, Facebook, when blocked under the Personals and Dating category).
Sophos Web Control DEF95685 Endpoints do not automatically get a web control policy from a new Sophos Web Appliance (SWA) or UTM appliance after they have been managed by a different SWA or UTM appliance.
Sophos Web Control DEF95345 Add support for WebSockets in Sophos Web Intelligence (SWI) service.

Version 10.3.7, April 2014

Components

Sophos Anti-Virus (SAV) 10.3.7
Threat detection engine 3.51.1
Sophos Client Firewall (SCF) 3.0.3 (Windows 8)

2.9.4 (Windows 7 and earlier)

Sophos AutoUpdate (SAU) 3.1.1.18
Sophos Patch Agent 1.0.307.0

New features

Component Description
Sophos Anti-Virus The threat detection engine has been updated.
Sophos Anti-Virus The Sophos Anti-Virus drivers have been rebuilt with an updated compiler.
Sophos Device Control Sophos Device Control can now block access to smart phones or other devices that use the MTP/PTP protocols. This option can only be set centrally at the management console.
Sophos AutoUpdate The back-end updating system has been upgraded.
Sophos AutoUpdate The threat data is now distributed as a supplement, which is updated independently from Endpoint Security and Control and allows for more frequent updates.
Sophos Client Firewall A number of security enhancements have been implemented in Sophos Client Firewall.
Sophos Patch Windows 8 support.
Sophos Web Control Windows 8 support.

Resolved issues

Component Issue ID Description
Sophos Device Control DEF93728 Add IronKey Enterprise D250 4GB to the list of secure removable storage devices.
Sophos Device Control DEF93180 Add Kingston DataTraveler Locker+ G2 8GB to the list of secure removable storage devices.
Sophos Device Control DEF91534 If device control is enabled on a computer running VMware Tools and access to floppy disk drives is set to read-only, this message is repeatedly displayed on the desktop: "Access to device blocked by Sophos. Write access to controlled device type 'Floppy disk drives' blocked by the administrator". The message is also added to the log. This happens because the VMware Tools service attempts to access the floppy drive every few seconds (and will continue to do so even if the floppy drive is no longer connected).
Sophos Device Control DEF73772 Sophos Device Control displays the message "Device Control failed when checking volume access: device name=\device\volume, errorCode-0x8000ffff". This is because an error has occurred in the process that checks whether a device is read-only.
Sophos Device Control DEF87140 Realtek RTL8187B Wi-Fi chipset is not detected as a Wi-Fi device by Device Control.
Sophos Anti-Virus SUG94215 Policies lost on downgrade from version 10.3.3 (Preview) to version 10.3.1 (Recommended).
Sophos AutoUpdate DEF94488 The version of Sophos AutoUpdate is incorrectly reported in the Sophos Endpoint Security and Control user interface for non-administrator users.
Sophos AutoUpdate DEF94174 Enhance security permissions on the AutoUpdate program folder.
Sophos AutoUpdate DEF85587 Sophos AutoUpdate uninstallation or reinstallation fails if certain components are missing.
Sophos Client Firewall WKI94527 Microsoft update KB2887595 for Windows 8.1 causes a conflict with Sophos Client Firewall.
Sophos Web Control DEF79725 Sophos Web Control doesn't work when a user uses Internet Explorer in the new Windows 8 UI.

Version 10.3.1, February 2014

Components

Sophos Anti-Virus (SAV) 10.3.1
Threat detection engine 3.50.1
Threat data 4.98, February 2014
Sophos Client Firewall (SCF) 3.0.0 (Windows 8)

2.9.3 (Windows 7 and earlier)

Sophos AutoUpdate (SAU) 2.9.0

New features

Component Description
Sophos Anti-Virus The threat data has been updated.

Resolved issues

Component Issue ID Description
Sophos Anti-Virus DEF93356 Vulnerability in Microsoft Detours software used in Sophos Anti-Virus.

Version 10.3.1, January 2014

Components

Sophos Anti-Virus (SAV) 10.3.1
Threat detection engine 3.50.1
Threat data 4.97, January 2014
Sophos Client Firewall (SCF) 3.0.0 (Windows 8)

2.9.3 (Windows 7 and earlier)

Sophos AutoUpdate (SAU) 2.9.0

New features

Component Description
Sophos Anti-Virus The threat detection engine and threat data have been updated.

Known issues and limitations

Component Issue ID Description Comment
Sophos Anti-Virus WINEP-1862 If you have a version of Sophos Anti-Virus installed that is earlier than 10.3.15, and choose to uninstall it from the Windows 10 Setup wizard, What needs your attention screen by using the Uninstall button, not all of the Endpoint Security and Control components will be removed.

We recommend that you upgrade to Endpoint Security and Control 10.3.15 before upgrading to Windows 10.

For more information about removing Endpoint Security and Control, see knowledgebase article 12360.

Windows 10 support
Sophos Anti-Virus - On 64-bit computers upgraded from Windows 8.1 to Windows 10, in the 32-bit version of Windows Explorer, the right-click option Scan with Sophos Anti-Virus does not work. (The option works correctly in the native 64-bit version of Windows Explorer.) This is due to a missing Sophos registry key, that has not been migrated during the OS upgrade.

To resolve this issue, re-protect the computers: in Enterprise Console, select the computers you want to re-protect, right-click, and then click Protect Computers. Follow the steps in the Protect Computers Wizard. Alternatively, to manually re-protect a computer, follow the steps provided in knowledgebase article 12386.

V.10.3.15, Windows 10 support
Sophos Anti-Virus - After an upgrade from Windows 8.1 (either 64-bit or 32-bit) to Windows 10, if a computer is started in safe mode, the Sophos Anti-Virus service (SAVService.exe) fails to start. This is due to a missing Sophos registry key, that has not been migrated during the OS upgrade.

To resolve this issue, re-protect the computers.

V.10.3.15, Windows 10 support
Sophos Anti-Virus - After an upgrade from Windows 8.1 (either 64-bit or 32-bit) to Windows 10, the Sophos Healthcheck tool fails with warnings about missing registry keys. This is because some of the Sophos registry keys have not been migrated during the OS upgrade.

To resolve this issue, re-protect the computers.

V.10.3.15, Windows 10 support
Sophos Anti-Virus WINEP-1813 On SAV upgrade, for example, from 10.3.12 to 10.3.15, the following error may appear in Enterprise Console and in the SAV log on the endpoint:

Web protection is no longer functional. The filtering driver has been bypassed or unloaded 0xa058000c

This issue is caused by Sophos Client Firewall blocking the web protection processes. To work around it, allow the processes in the firewall policy in Enterprise Console as follows. In the advanced Firewall Policy configuration dialog, under Configurations, click Configure next to a location you want to configure, go to the Processes tab, click Add to allow an application to launch hidden processes and add the following files: swi_lspdiag.exe and swi_lspdiag64.exe.

V.10.3.15
Sophos Anti-Virus - When a computer is upgraded to Windows 10, the following error may be reported against it in Enterprise Console:

Web Protection is no longer functional. The filtering driver has been bypassed or unloaded. [0xa058000c]

These errors can be safely ignored. To remove them from Enterprise Console, after the computer has been upgraded to Windows 10, right-click the computer, click Resolve Alerts and Errors, select the errors and click Acknowledge.

V.10.3.15, Windows 10 support
Sophos Anti-Virus WINEP-1770 Sophos Anti-Virus doesn’t support Hypervisor enforced Code Integrity introduced in the Enterprise lockdown mode. V.10.3.15, Windows 10 support
Sophos AutoUpdate WINEP-1841

The update log (C:\ProgramData\Sophos\AutoUpdate\logs\alc.log) contains messages about “skipped” components that are not included in this version of Endpoint Security and Control, for example:

Installation of Sophos Network Threat Protection skipped

Installation of Sophos System Protection skipped

These messages can be safely ignored.

 
Sophos Client Firewall - After upgrading to Windows 10 a computer with a standalone installation of Sophos Endpoint Security and Control that includes Sophos Client Firewall, the firewall configuration cannot be applied. The following errors are logged in the firewall system log:

Failed to configure the firewall.

Failed to update the filter rules, error 80004005.

To resolve this issue, restart the computer.

V.10.3.15, Windows 10 support
Sophos Client Firewall WINEP-1819 After an upgrade from Windows 7 to Windows 10, the firewall Windows 7 driver SCFNdis.sys is migrated but cannot be loaded and may cause a system error when the computer is booted.

To resolve this issue, browse to the folder C:\Windows\System32\drivers and delete the file SCFNdis.sys.

V.10.3.15, Windows 10 support
Sophos Client Firewall - When a computer is upgraded to Windows 10, the following errors may be reported against it in Enterprise Console:

Failed to configure the firewall.

Failed to update the filter rules, error 80004005.

These errors can be safely ignored. To remove them from Enterprise Console, after the computer has been upgraded to Windows 10, right-click the computer, click Resolve Alerts and Errors, select the errors and click Acknowledge.

V.10.3.15, Windows 10 support
Sophos Client Firewall - It is not possible to deploy Sophos Anti-Virus and Sophos Client Firewall to a Windows 10 endpoint at the same time from Sophos Enterprise Console.

Workaround: Deploy Sophos Anti-Virus first, and then re-run the Protect Computers Wizard and deploy Sophos Client Firewall.

Windows 10 support
Sophos Client Firewall - On upgrade to Windows 10, Sophos Client Firewall loses all custom configuration settings and reverts to the default settings. Custom configuration settings need to be re-applied following the upgrade.
  • If you use Enterprise Console to manage Sophos Client Firewall, re-apply the firewall policy to the computer after you upgrade it to Windows 10. In Enterprise Console, in the computer list, the computer’s policy compliance will be shown as “Differs from policy”. Right-click the computer, click Comply with and then click Group Firewall Policy.
  • If you use a standalone installation of Endpoint Security and Control and Sophos Client Firewall, before you start the upgrade to Windows 10, export the firewall configuration to a file: open Sophos Endpoint Security and Control and on the Home page, under Firewall, click Configure firewall, click Export and save the configuration file.

    After the upgrade to Windows 10, import the configuration file: under Firewall, click Configure firewall, and then click Import.

V.10.3.15, Windows 10 support
Sophos Client Firewall WINEP-1758 On Windows 10, a dual location firewall policy cannot be applied to an endpoint when both locations are visible (this includes VPN connections). The following errors appear in the firewall system log:

Failed to configure the firewall

Failed to update the filter rules error 80004005

Workaround: Disable configuration for a secondary location, or use Windows Firewall instead.

Windows 10 support
Sophos Patch WINEP-1818 In Enterprise Console, in the Protect Computers Wizard, Windows 10 is not listed in the list of platforms on which Patch is available, even though Sophos Patch Agent can be installed on Windows 10.
Note: Even though Sophos Patch Agent will install on Windows 10, it is not currently supported on it and will not report missing patch information.
Windows 10 support
Data Control DEF79180 Files that breach a data control rule can still be transferred to a Windows 8 storage pool.  
Installer DEF84838 Protecting Windows 8 or Windows Server 2012 computers that are in a workgroup from Sophos Enterprise Console 5.1 on Windows Server 2008 or Windows Server 2008 R2 fails with the errors "Failed to launch setup.exe" and "2147942405".

For more information and instructions on how to enable deployment, see http://www.sophos.com/en-us/support/knowledgebase/118354.aspx.

 
Sophos Anti-Virus DEF84420 If you use a browser's Windows 8 Modern UI application to access a malicious website, and you click the toast that Sophos Anti-Virus displays, the browser is minimized and the desktop is displayed instead. To switch back to the browser, press Alt+Tab.  
Sophos Anti-Virus DEF83463 Although Sophos Anti-Virus can scan files that are locked during an on-demand scan, it cannot perform cleanup successfully.  
Sophos Anti-Virus DEF79482 iSCSI mount points cannot be excluded from on-access scanning.  
Sophos Anti-Virus, Sophos Web Control - Sophos web protection and web control use a Layered Service Provider (LSP) to intercept network traffic. If web protection or web control is turned on while an incompatible third-party LSP is running, system instability can occur. Therefore, if a third-party LSP that is known to be incompatible is already installed on the computer, the Sophos LSP is not installed. For more information, see http://www.sophos.com/en-us/support/knowledgebase/116241.aspx.  

Additional information

System requirements

Sophos Endpoint Security and Control is supported on Windows XP/2003/Vista/2008/7/8/2012/Windows 10. For a full list of system requirements, see System Requirements for Antivirus protection for Windows.

Which maintenance version of Endpoint Security and Control do I have?

To find out which maintenance version of Endpoint Security and Control (for example, 10.3.7) is running on your computer:

  1. Open Endpoint Security and Control.
  2. In the left-hand pane, under Help and information, click View product information.
  3. Under Anti-virus and HIPS, click Software.

Deployment

Automatic deployment of Endpoint Security and Control to Windows 8 and Windows Server 2012 from Enterprise Console requires Enterprise Console 5.1 or later.

Automatic deployment of Endpoint Security and Control to Windows 8.1 and Windows Server 2012 R2 from Enterprise Console requires Enterprise Console 5.2.1 R2 or later.

If you are using Enterprise Console 5.0 or earlier, you can install the software by running the installer from a bootstrap location that contains a software subscription for version 10.3. For more information on manual installation, see http://www.sophos.com/en-us/support/knowledgebase/12386.aspx.

Support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2

  • Endpoint Security and Control uses toast notifications instead of balloon notifications to display messages on screen.
  • If you specify a user-defined message to be displayed in desktop messages, it is not displayed in toasts. For more information, see http://www.sophos.com/en-us/support/knowledgebase/118233.aspx.
  • If Sophos Anti-Virus cleans up a threat that affects a Windows Store app, it marks the app as tampered with. This causes Windows to offer the user the ability to re-download and re-install the app.
  • Rootkit scanning is not supported on REFS file systems on Windows Server 2012 and Windows Server 2012 R2. If the user attempts a rootkit scan on this file system, a message will be logged in the SAV log telling them that rootkit scanning is not supported.

Sophos Client Firewall

  • A number of features have been removed from Sophos Client Firewall 3.0 for Windows 8:

    Interactive mode
    Hidden process detection
    Modified memory detection
    Rawsocket applications (rawsockets are treated the same as other connections)
    Non-stateful rules
    The option Concurrent connections for TCP rules
    The option Where the local port is equal to the remote port

  • Sophos Client Firewall does not support the "mobile broadband" driver model in Windows 7.
  • When you install Sophos Client Firewall, all network adapters are temporarily disconnected. This results in network connections being unavailable for up to 20 seconds and the disconnection of networked applications such as Microsoft Remote Desktop.
  • When the log is displayed in a view that auto-refreshes (such as Allowed connections), the view stops refreshing if the service is under a heavy load. After changing to a different view and then back again, auto-refreshing works normally.

Application Control

When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer.

Sophos Device Control

Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.

Unsupported scenarios

  • Endpoint Security and Control standalone installations do not support Windows Server Core.
  • Endpoint Security and Control managed and standalone installations do not support Windows Server Core Hyper-V.

Shared Windows components

When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded:

Sophos software Shared Windows component
Name File names Versions Date of inclusion with Sophos software
Sophos Anti-Virus Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
msxml4r.dll 4.30.2100.0 September 2009
ATL Library atl90.dll 9.0.30729.4148 June 2013
Microsoft Visual C/C++ Runtime Libraries msvcm90.dll 9.0.30729.4148 June 2013
msvcp90.dll 9.0.30729.4148 June 2013
msvcr90.dll 9.0.30729.4148 June 2013
Sophos Client Firewall 3.0 for Windows 8 Microsoft XML Core Services msxml4.dll 4.30.2100.0 June 2013
msxml4r.dll 4.30.2100.0 June 2013
Microsoft Visual C/C++ Runtime Libraries msvcm90.dll 9.0.30729.6161 June 2013
msvcp90.dll 9.0.30729.6161 June 2013
msvcr90.dll 9.0.30729.6161 June 2013
Sophos Client Firewall 2.9 for Windows 7 and earlier Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
msxml4r.dll 4.30.2100.0 September 2009
Microsoft Visual C/C++ Runtime Libraries msvcm90.dll 9.0.30729.6161 October 2013
msvcp90.dll 9.0.30729.6161 October 2013
msvcr90.dll 9.0.30729.6161 October 2013

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2011–2016 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.